Currently I am running a mail server (dovecot/postfix via iRedMail). It uses Nginx to power the admin backend as well as the webmail (roundcubemail). On my server I have certbot renewing for the following setup.
My crontab is set to run the command to check for certificate renewals.
certbot renew --post-hook 'service postfix restart; service nginx restart; service dovecot restart'
mail.oregonrenaissance.org (postfix/Dovecot mail server, round cube webmail, iredAdmin backend)
I have 9 websites that also get certificates on the same machine (using the -nginx plugin)
papasmountainfabrication.com
papasmountainmedia.com
oregonrenaissance.org
o4sr.net
ladymystcreations.com
phoenixrising.info
I’d like to move the web hosting to its own machine but the problem is that certbot relies on being able to use port 80 for its authorization checks.
I was thinking that I could just add a command in the --post-hook to scp the certificates to an identical directory on the 2nd server after they are renewed.
I guess my question is, would this work or is there a better way that the email server machine can still get its certificate even though it's not listening on port 80 anymore?
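
The copy step proposed in the post, sketched as an added example that is not part of the original post: a certbot `--deploy-hook` script that pushes a renewed certificate to the same directory on a second machine. `WEB_HOST`, `COPY_CMD` and the script path are assumptions made for illustration; `RENEWED_LINEAGE` is the variable certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example (not from the post). Run by certbot on the mail server as:
#   certbot renew --deploy-hook /usr/local/sbin/push-cert.sh   (hypothetical path)
# certbot sets RENEWED_LINEAGE for a deploy hook, so nothing is copied
# on the days when no certificate was actually renewed.

# push_lineage LINEAGE_DIR DEST
# Copies the four PEM files of one lineage to DEST (an scp target or a directory).
push_lineage() {
    lineage=$1
    dest=$2
    [ -d "$lineage" ] || { echo "no such lineage: $lineage" >&2; return 1; }
    stage=$(mktemp -d) || return 1          # created with mode 0700
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        # live/ contains symlinks into archive/; -L copies the real file
        cp -L "$lineage/$f" "$stage/$f" || { rm -rf "$stage"; return 1; }
    done
    chmod 600 "$stage/privkey.pem"          # private key: owner only
    chmod 644 "$stage/cert.pem" "$stage/chain.pem" "$stage/fullchain.pem"
    rc=0
    # COPY_CMD is a hypothetical override; -p keeps the modes set above
    ${COPY_CMD:-scp -p} "$stage"/*.pem "$dest" || rc=$?
    rm -rf "$stage"
    return "$rc"
}

# WEB_HOST is an assumption, e.g. root@web.example.net
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    push_lineage "$RENEWED_LINEAGE" "${WEB_HOST:?set WEB_HOST}:$RENEWED_LINEAGE/"
fi
```

The target directory must already exist on the second machine, and the SSH key used for the copy should be restricted to this one purpose because it carries the private key.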